Security Articles

8 pointer guide to secure data and applications on cloud

Cyber-attacks have increased enormously in the recent past, and the need for application security and data privacy grows day by day. Enterprises need to be aware of how their applications on the cloud are secured.

This guide provides a set of guidelines to protect data and applications on the cloud spread across SaaS, PaaS, IaaS and Private Cloud.

8 Pointer Guide to Protect & Safeguard Data and Applications on Cloud

1. Strong Security Policy with defined protocols and process
2. Restricted Privileged Access
3. Protection of High-Value Cloud Assets
4. Strong Multifactor Authentication
5. Secure Application Development
6. Best in class Network Security
7. Middleware and Operating System Security
8. Physical Security

Internet of Things – Security measures to be considered

The evolution of IoT has led to large volumes of data being shared with many participants. In particular, the amount of sensitive data coming from sensors, industrial devices, mobiles, medical equipment etc. has been increasing tremendously. The growth in IoT has opened new ways for technology, media and telecommunications businesses to create value and revenue streams.
It has also created new opportunities for information compromise. As large amounts of sensitive information are collected, communicated and analyzed, the risk of data and information compromise is correspondingly great.

At this juncture, the pillars below are highly sensitive: a weakness in any of them leads to data and information leakage and results in a major cyber flaw.

Introduction to Cloud Control Matrix (CCM)

The Cloud Security Alliance (CSA) is a registered Foreign Non-Profit Corporation in Washington, founded in 2008. It provides fundamental security principles to cloud providers and assists cloud customers in ensuring a secure cloud computing environment.

The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) provides a controls framework that gives a detailed understanding of security concepts and principles that are applicable to the cloud industry. It also highlights its relationship to other industry-accepted security standards, regulations and controls frameworks such as ISO27001, ISACA, COBIT, PCIDSS, HIPAA, NIST, etc. The CSA CCM highlights information security control requirements, threats, and vulnerabilities in the cloud, and security measures to be implemented in the cloud.

Cyber Security - De-brief of Year 2018

As 2018 draws to a close, cybersecurity breaches have continued unabated, making headlines and causing widespread damage to enterprises. The truth is that the nature of the threat from cyber-criminals is changing: it is becoming increasingly invisible and menacing, and the attack surface is broadening by the day, making it difficult to identify and protect against potential threats. In some recent attacks we saw medium- to large-scale disruption of enterprise infrastructure, integrity compromise and loss of trust in data. Cryptocurrency mining malware was one of the most prominent examples of exploiting human weaknesses; the modus operandi was to establish a relationship with the target and then eventually execute the malware. This led to customer loss, legal action and shareholder revolt. Gaps remain, and attack vectors continue to elude traditional defenses.

Need of the hour: From traditional pen testing to crowdsourced pen testing

Web applications are becoming more and more complex every day. Cloud applications are increasingly API driven, and code is deployed much faster than before. That is why security pen testing is changing and the crowdsourcing model is in demand to address the issues we face in traditional pen testing. We are focusing more on agile development, and digital technologies are being used extensively.

Extending Single Sign-On to Cloud: Convenience or Does it Sacrifice Security

It's challenging enough for service providers to manage security for a single cloud service, let alone multiple cloud services. But many companies are pursuing a multi-cloud strategy, a reality that seemingly conflicts with customer expectations of bulletproof yet uncomplicated security policies. 

Customers are demanding single sign-on (SSO) capabilities, but providers and customers will have to ask themselves if the convenience of cloud SSO is worth its potential security risks.

DevSecOps – Instilling a Security Culture

Do we still think cybersecurity is the sole responsibility of the Security team in an organization, and that it is their job to ensure that a released product has addressed all of its security issues? Do we think it is safe to release a product into the competitive market first and only then think about its security?

To survive in today's competitive world, IT companies have to come up with new and innovative products at a much faster pace. Adopting DevOps has helped most organizations compete more effectively in the market and serve their customers better. But is this enough to be a best-in-class technology company and to earn customer trust?

Penetration testing vs Vulnerability assessment

What is Vulnerability assessment?

  • Identify the security loopholes in a network or its systems
  • Estimate how susceptible the network is to different vulnerabilities

3 different ways to scan the network:

  • Network scanning - Network scanning involves detecting all active hosts on a network and mapping them to their IP addresses. Port scanning refers to the process of sending packets to specific ports on a host and analyzing the responses to learn details about its running services or locate potential vulnerabilities.
  • Authenticated scanning - An authenticated security scan is vulnerability testing performed as a logged-in (authenticated) user. The method is also known as logged-in scanning. ... The method finds many vulnerabilities that cannot be detected through an unauthenticated scan.

The Need For a Modern Application Security Program

The advent of new digital technologies has led to a significant transformation in software development methodology in the past few years. The greater focus on delivering customer-centric solutions has led to the adoption of new technologies and services with greater momentum. In this transformational landscape, traditional application security practices have become outdated; what is required is an application security program that integrates with modern technologies and keeps pace with development. The number of CVEs reported is increasing year on year. For instance, 6447 CVEs[1] were reported in 2016, 14714 in 2017 and 15400 in 2018, which means that as enterprises adopt modern technologies and frameworks for software development, the attack surface has become wider and the risk of leaving an application vulnerable is higher.

Data hunting is Cybersecurity's skill of the future

The vast majority of white hat hackers who reported that they were looking for jobs in cybersecurity said that their bug hunting experience helped them land a job.

The report looked at the community of white hat hackers to better understand the skill sets and career aspirations of more than 750 security researchers and found that 41% of white hat hackers are self-taught. In addition, 80% of bug hunters said that their experience in bug hunting has helped them get a job in cybersecurity.

“Cybersecurity isn’t a technology problem, it’s a people problem – and in the white hat hacker community there’s an army of allies waiting and ready to join the fight,” said Casey Ellis, founder and CTO at Bugcrowd, in the release.
